mirrors
/
authelia
mirror of https://github.com/authelia/authelia.git
0
0
Fork 0
Code Issues Projects Releases Wiki Activity
authelia/internal/suites/example/compose/envoy/envoy.yaml

257 lines
9.7 KiB
YAML
Raw Permalink Blame History

---
# Enable the admin interface at http://192.168.240.100:9901/ for debugging.
admin:
address:
socket_address:
address: 0.0.0.0
port_value: 9901
static_resources:
listeners:
- name: 'listener_0'
address:
socket_address:
address: '0.0.0.0'
port_value: 8080
filter_chains:
- filters:
- name: 'envoy.filters.network.http_connection_manager'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager' # yamllint disable-line rule:line-length
stat_prefix: 'ingress_http'
use_remote_address: true
skip_xff_append: false
access_log:
- name: 'envoy.access_loggers.stdout'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog'
route_config:
name: 'local_route'
virtual_hosts:
- name: 'login_service'
domains: ['login.example.com:8080']
typed_per_filter_config:
envoy.filters.http.ext_authz:
'@type': 'type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute'
disabled: true
routes:
- match:
prefix: '/.well-known/'
route:
cluster: 'authelia-backend'
- match:
prefix: '/api/'
route:
cluster: 'authelia-backend'
- match:
prefix: '/locales/'
route:
cluster: 'authelia-backend'
- match:
path: '/devworkflow'
route:
cluster: 'authelia-backend'
- match:
path: '/jwks.json'
route:
cluster: 'authelia-backend'
- match:
prefix: '/'
route:
cluster: 'authelia-frontend'
- name: 'mail_service'
domains: ['mail.example.com:8080']
typed_per_filter_config:
envoy.filters.http.ext_authz:
'@type': 'type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute'
disabled: true
routes:
- match:
prefix: '/'
route:
cluster: 'smtp'
- name: 'http_service'
domains: ['*.example.com:8080']
routes:
- match:
prefix: '/headers'
route:
cluster: 'httpbin'
- match:
prefix: '/'
route:
cluster: 'nginx-backend'
http_filters:
- name: 'envoy.filters.http.ext_authz'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz'
transport_api_version: 'v3'
allowed_headers:
patterns:
- exact: 'authorization'
- exact: 'proxy-authorization'
- exact: 'accept'
- exact: 'cookie'
http_service:
path_prefix: '/api/authz/ext-authz/'
server_uri:
uri: 'authelia-backend:9091'
cluster: 'authelia-backend'
timeout: '0.25s'
authorization_request:
headers_to_add:
- key: 'X-Forwarded-Proto'
value: '%REQ(:SCHEME)%'
authorization_response:
allowed_upstream_headers:
patterns:
- exact: 'authorization'
- exact: 'proxy-authorization'
- prefix: 'remote-'
- prefix: 'authelia-'
allowed_client_headers:
patterns:
- exact: 'set-cookie'
allowed_client_headers_on_success:
patterns:
- exact: 'set-cookie'
failure_mode_allow: false
- name: 'envoy.filters.http.router'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.filters.http.router.v3.Router'
transport_socket:
name: 'envoy.transport_sockets.tls'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext'
common_tls_context:
tls_certificates:
- certificate_chain:
filename: '/pki/public.chain.pem'
private_key:
filename: '/pki/private.pem'
clusters:
- name: 'authelia-frontend'
transport_socket_matches:
- name: 'enableTLS'
match:
enableTLS: true
transport_socket:
name: 'envoy.transport_sockets.tls'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext'
common_tls_context: {}
- name: 'defaultTLSDisabled'
match: {}
transport_socket:
name: 'envoy.transport_sockets.raw_buffer'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer'
connect_timeout: '0.25s'
type: 'strict_dns'
dns_lookup_family: 'V4_ONLY'
lb_policy: 'round_robin'
load_assignment:
cluster_name: 'authelia-frontend'
endpoints:
- locality:
region: 'dev'
priority: 0
lb_endpoints:
- endpoint:
health_check_config:
hostname: 'authelia-frontend'
port_value: 3000
address:
socket_address:
address: 'authelia-frontend'
port_value: 3000
- locality:
region: 'ci'
priority: 1
lb_endpoints:
- endpoint:
address:
socket_address:
address: 'authelia-backend'
port_value: 9091
metadata:
filter_metadata:
envoy.transport_socket_match:
enableTLS: true
- name: 'authelia-backend'
connect_timeout: '0.25s'
type: 'logical_dns'
dns_lookup_family: 'v4_only'
lb_policy: 'round_robin'
load_assignment:
cluster_name: 'authelia-backend'
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 'authelia-backend'
port_value: 9091
transport_socket:
name: 'envoy.transport_sockets.tls'
typed_config:
'@type': 'type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext'
common_tls_context: {}
- name: 'smtp'
connect_timeout: '0.25s'
type: 'logical_dns'
dns_lookup_family: 'v4_only'
lb_policy: 'round_robin'
load_assignment:
cluster_name: 'smtp'
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 'smtp'
port_value: 8025
- name: 'httpbin'
connect_timeout: '0.25s'
type: 'logical_dns'
dns_lookup_family: 'v4_only'
lb_policy: 'round_robin'
load_assignment:
cluster_name: 'httpbin'
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 'httpbin'
port_value: 8000
- name: 'nginx-backend'
connect_timeout: '0.25s'
type: 'logical_dns'
dns_lookup_family: 'v4_only'
lb_policy: 'round_robin'
load_assignment:
cluster_name: 'nginx-backend'
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 'nginx-backend'
port_value: 80
layered_runtime:
layers:
- name: 'static_layer_0'
static_layer:
envoy:
resource_limits:
listener:
example_listener_name:
connection_limit: 1000
overload_manager:
resource_monitors:
- name: 'envoy.resource_monitors.global_downstream_max_connections'
typed_config:
'@type': type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
max_active_downstream_connections: 1000
...
Reference in New Issue View Git Blame Copy Permalink